agentforge

Reusable, project-scoped slash commands shared by all three AI tools. This

Regenerate agent-os adapters from common and fix any drift

Draft a requirement (tree first) for review, then build the production-ready slice

Run the full PR gate (pnpm ci:local) and summarize failures with fixes

Merge a PR once CI is green and approvals are in

Read-only changelog and release-notes reviewer. Scans CHANGELOG.md, recent git log, and merged PR titles to verify the changelog is accurate, complete, and follows the project's Keep a Changelog / conventional-commits format. Flags missing entries, wrong version bumps, and unreleased sections that are stale. Does NOT write commits or push — produces a gap report only.

Diagnoses a single failing core-be PR CI check and returns a short root-cause summary with a fix plan. Use when the user asks why CI failed or to diagnose a specific GitHub Actions job. Runs in isolation so verbose CI logs do not bloat the main conversation.

Runs pnpm audit, analyzes vulnerabilities, and returns a prioritized fix plan — severity, affected package, recommended action (patch/update/replace/accept). Read-only; produces a report for the user to act on, never edits package.json or lockfile.

Full on-request audit of the docs/ directory — checks index completeness, naming conventions, Mermaid diagrams, and cross-links. Use when the user asks to audit or review documentation, or after a large docs reorganization. Read-only; returns an issues list, never edits files.

Sweeps infrastructure, middleware, and config for production-hardening gaps — security headers, JWT/CORS/rate limits, DB pool/SSL, Redis, external-service resilience, logging redaction, worker limits, and CI scanning. Returns a prioritized gap list. Read-only; produces a report for the user to act on, never edits files.

Enforces the core-be public API contract conventions — snake_case route params, prefixed public ids, the uniform method→status policy, and the header naming matrix — across routes, validators, tests, OpenAPI/Postman docs, and the route-status gates. Use when adding or changing any route, param, header, public id, or response status.

Ensures code is commit-ready. Invoked when the user runs git commit (enforced by Husky pre-commit) or when the user asks to fix a failed commit. Run the guard checks and fix any failures before committing.

Maintains Toxiproxy chaos tests under src/tests/chaos/. Use when adding fault-injection scenarios or changing chaos CI/provision scripts.

Investigate a single failing PR CI check in core-be and return a short root-cause summary with a fix plan. Use when the user asks why CI failed or to diagnose a specific GitHub Actions job.

Maintains the 3-layer code quality and security pipeline (editor Biome, Husky pre-commit hooks, CI security scanning). Use after changing Biome rules, pre-commit hooks, CI workflows, lint-staged config, or adding new security tooling.